Contao
Easy fix4 remedies
cpe:2.3:a:contao:contao:*:*:*:*:*:*:*
Easy fix4 remedies
- 4.0
- 4.1
- 4.2
- 4.3
- 4.4
- 4.5
- 4.6
- 4.7
- 4.8
- 4.9
- 4.10
- 4.11
- 4.12
- 4.13
- 5.0
- 5.1
- 5.2
- 5.3
- 5.4
- 5.5
- 5.6
Contao Cross-Site Scripting Vulnerability in Template Output
Vulnerability
Patched
A cross-site scripting vulnerability has been identified in Contao versions 4.0.0 prior to 4.13.57, 5.3.42 prior to 5.6.5. This issue allows code injection into template outputs, which is then executed in the browser on both the front end and back end. The vulnerability arises from certain templates that do not properly sanitize output, enabling the execution of injected code.
Impact
Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Remediation
Users can upgrade to Contao versions 4.13.57, 5.3.42, or 5.6.5 to address this vulnerability. Alternatively, affected templates can be manually patched or not used at all.
Added: Nov 25, 2025, 7:17 PM
Updated: Nov 25, 2025, 10:31 PM
Vulnerability Rating
Custom Algorithm
spread
5.2impact
1.7exploitability
5.0remediation
8.3relevance
1.2threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.